4 Replies Latest reply on Apr 13, 2015 3:01 AM by palex

    Network DLP didn't see traffic

    palex

      Good day.
      Please help me in solving the problem.
       
      We have installed the Network DLP server (Manager, Monitor, Prevent, Discover) on a VM (ESXi) in accordance with the instructions (user manuals). Virtual switch VM mode of operation and the traffic is completely duplicated on all their interfaces. We tested the duplication of traffic on a VM (ESXi) with Windows. As a result, Network DLP only sees traffic from the DLP servers. The rest of the traffic is not visible.
      What do we do?

      Kind regards.

        • 1. Re: Network DLP didn't see traffic
          tonyw

          How is the data being provided to the NDLP instances?

           

          Prevent will require a web proxy (MWG) or email proxy (MEG) to send the data over to be inspected.

          Discover requires a scan to be configured via the Manager to target a location with data (file share, http, database) to pull data from.

          Monitor needs eth2 or eth3 set to span or tap traffic from the switch in order to see it.

          • 2. Re: Network DLP didn't see traffic
            palex

            Thanks, tonyw!

            I don't know how I can run Prevent and Monitor.

            I have a virtual switch which is switched to the operation mode of the hub and the traffic is completely duplicated.

            I install all network appliances to VM esxi. I set eth2 to Monitor.

            What else do I need?

            • 3. Re: Network DLP didn't see traffic
              tonyw

              For Monitor I assume all of your traffic flows are on an internal address space. In the Manager web GUI, go to "SYSTEM - System Administration - Capture Filters".  Under the Monitor's name, there's a Network Filters section.  The first one should be "Ignore-RFC1918".  Click the "X" at the far right to remove it. 

               

              By default the internal network traffic is ignored to minimize chatter.  Note: you won't be able to see any encrypted traffic unless you're terminating SSL over a proxy before it's passed to the Monitor.
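The two causes discussed in this thread (a mirror that only delivers the sensor's own traffic, and a default filter that ignores internal address space) can be told apart from a short capture on the monitored port. The script below is an added example, not part of the original posts and not McAfee code. It assumes `tcpdump -nn` text output, a hypothetical sensor address of 10.20.0.5, and that an "Ignore-RFC1918" style filter discards packets whose endpoints are both in RFC 1918 space.

```python
import ipaddress
import re

# RFC 1918 private ranges, the address space the default filter is named after.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Matches "IP a.b.c.d[.port] > e.f.g.h[.port]:" in `tcpdump -nn` text output.
PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

# Constructed sample capture (not real traffic); 10.20.0.5 is the assumed sensor.
SAMPLE = [
    "09:15:01.100000 IP 10.20.0.5.49152 > 10.20.0.9.443: Flags [S], seq 1, length 0",
    "09:15:01.200000 IP 10.20.1.17.51544 > 10.20.2.30.80: Flags [P.], length 512",
    "09:15:01.300000 IP 192.168.7.4 > 10.20.2.30: ICMP echo request, id 1, seq 1, length 64",
    "09:15:01.400000 ARP, Request who-has 10.20.2.30 tell 10.20.1.17, length 46",
]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def diagnose(lines, sensor_ips):
    """Count captured IPv4 packets and classify what the capture port receives.

    foreign:  neither endpoint is the sensor, so the span/tap/hub-mode
              vSwitch really is delivering other hosts' traffic.
    internal: both endpoints are RFC 1918 (assumed filter semantics).
    """
    total = foreign = internal = 0
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # ARP, IPv6 and truncated lines are skipped
        src, dst = m.groups()
        total += 1
        foreign += src not in sensor_ips and dst not in sensor_ips
        internal += is_rfc1918(src) and is_rfc1918(dst)
    if total == 0:
        verdict = "no IPv4 packets captured"
    elif foreign == 0:
        verdict = "mirror not delivering: only the sensor's own traffic is seen"
    elif internal == total:
        verdict = "all captured traffic is internal: an RFC 1918 ignore filter hides it"
    else:
        verdict = "mirror delivers both internal and external traffic"
    return {"total": total, "foreign": foreign, "internal": internal, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE, {"10.20.0.5"}))
```

A "mirror not delivering" verdict points at the virtual switch or port configuration; an "all captured traffic is internal" verdict points at the capture filter described in the reply above.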

              • 4. Re: Network DLP didn't see traffic
                palex

                Hi, all!

                 

                To anyone who is just beginning to install and configure NDLP, I recommend viewing the following video:

                https://www.youtube.com/watch?v=XOjTwlyo4Yw

                Installing NDLP (any device) on a virtual machine will be extremely difficult without the instructions from McAfee for installation on a VM. These instructions are not freely available, and technical support (Gold) will not assist with installing NDLP on a VM. Therefore, everyone has to solve the puzzle called "instructions that are not freely accessible" for themselves.


                Regards.